Information detailed on this page should not be considered as legal advice. If GDPR does not apply to your organization or the region of your users, you should consider any other relevant data laws.
You can find legal GDPR documentation here.
The European Union’s General Data Protection Regulation (GDPR) is a comprehensive data privacy and protection law. It applies to any organization that collects or processes personal data from EU residents.
Non-compliance with GDPR can result in significant fines and legal action.
GDPR is similar to global data privacy regulations like California's Consumer Privacy Act (CCPA) and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).
With Riddle, you have the ability to collect personal data, particularly for lead forms. This is why it’s important to make sure you’re set up to be GDPR-compliant.
Personal data protected by the GDPR includes:
You have a legal responsibility to protect any personal data you collect or process as an organization.
Quizzes are powerful data capture tools. The great news is that Riddles are built to be GDPR-compliant — although there are still a few things you need to do to ensure full compliance.
All data is stored on our own servers in Germany and Luxembourg in a secure, banking-grade data center. We do not use cloud-based or shared storage services.
By default, we only store aggregate Riddle data. If you choose to collect personal data using a lead form, there are two ways you can choose to store lead data securely.
To ensure further security of data, all logins are secured by two-factor authentication (2FA).
When an individual takes a Riddle, we do not track their personal data.
Any Riddle content you create and embed does not track:
We add just one anonymous session cookie for your embedded content, without collecting any personal data. You can find a detailed list of how we use cookies here.
We’re transparent with our users, and give them full control over their data.
When users fill in lead-forms, they are given the opportunity to opt-in to how their data will be stored, processed, and used.
As a Riddle creator, you can also choose to require double-opt in. This is where leads have to go through email confirmation. Only data from confirmed emails will be stored.
Only you and team members with accounts can view data collected from your Riddles. This includes personal, identifiable data from lead forms.
You own all the content you create with Riddle. We do not make your content searchable on our website, or repurpose it for our own materials. Users can also turn off the showcase link to make sure that your content is only visible to the audience of your choice.
Riddle’s interactive content and quizzes give you the ability to collect high-quality leads. You can do this by adding a lead form into your Riddle content.
There are 3 ways you can securely store and share lead data in a GDPR-compliant way.
All data will be encrypted and can only be viewed by being decrypted when you or your team members securely log in to Riddle. Encrypted data cannot be accessed by our staff, unless your team:
Leads have the option to opt-in to how their data is stored, processed and used. If they take the Riddle but do not complete the form, their quiz responses will be shown as ‘withheld’.
Connect your data to tools such as MailChimp, Google Sheets, and AWeber. We’ll securely send this data and it will never touch our servers. Check out all of our integrations here.
Use Zapier or a webhook to send data directly to your own secure database or a CRM platform. We’ll securely send this data and it will never touch our servers. You can read more about webhooks here.
You can also read more about how to generate leads in a GDPR-compliant way here.